strace

Overview

Traces and returns system calls made by a process.

Usage Guide

Strace only requires the executable for the process you are tracing as a parameter, eg:
strace ls
A selection of the output from this command is as follows:
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=24, ws_col=197, ws_xpixel=0, ws_ypixel=0}) = 0
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=3056, ...}) = 0
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
getdents64(3, /* 102 entries */, 4096) = 3528
getdents64(3, /* 0 entries */, 4096) = 0
close(3) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7c09000
write(1, "bind\t\t Examples\t\t\t\timages\t\t "..., 111) = 111
write(1, "Desktop\t\t EzCom\t\t\t\timg\t\t "..., 119) = 119
write(1, "diskanalyser-strace fileserver\t"..., 124) = 124
write(1, "Django Work\t firewall.iptabl"..., 90) = 90
write(1, "Documents\t Glen Waverley Tra"..., 125) = 125
close(1) = 0
munmap(0xb7c09000, 4096) = 0
close(2) = 0
exit_group(0) = ?

In the output above, each line starts with a system call name, accompanied by arguments in parentheses. Eg, ioctl(), fstat64(), open() and close(). Most system calls are documented and can be found via Google. The calls of most interest are those that fail, eg:
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
We have a failed attempt to access a file called /etc/ld.so.nohwcap. A quick Google search indicates this file disables searches for object files especially compiled for your machines hardware capabilities. Its' absence only indicates that the system will try to find and load object files that have been optimised for your hardware.

Strace comes with some handy parameters, here are a few of the ones I find most useful:
-c - lists a summary of calls, this is an example of the output when using the -c parameter:
Process 8204 detached
% time    seconds    usecs/call    calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
100.00    0.000042    1    39    14 open
0.00    0.000000    0    12    read
0.00    0.000000    0    17    write
0.00    0.000000    0    27    close
0.00    0.000000    0    1    execve
0.00    0.000000    0    9    9 access
0.00    0.000000    0    3    brk
0.00    0.000000    0    2    ioctl
0.00    0.000000    0    4    munmap
0.00    0.000000    0    1    uname
0.00    0.000000    0    7    mprotect
0.00    0.000000    0    2    rt_sigaction
0.00    0.000000    0    1    rt_sigprocmask
0.00    0.000000    0    1    getrlimit
0.00    0.000000    0    37    mmap2
0.00    0.000000    0    26    fstat64
0.00    0.000000    0    2    getdents64
0.00    0.000000    0    1    fcntl64
0.00    0.000000    0    2    futex
0.00    0.000000    0    1    set_thread_area
0.00    0.000000    0    1    set_tid_address
0.00    0.000000    0    1    1 statfs64
0.00    0.000000    0     1    set_robust_list
------ ----------- ----------- --------- --------- ----------------
100.00    0.000042    198    24 total
-f - Include child processes of the process being traced.
-T - Include the time taken for the call to complete.
-t - Include the time at which the call was made.
-tt - Include the time at which the call was made, using microseconds time intervals.
-v - Verbose output.
-e - restrict output to a subset of system calls. The following parameters can be used with -e:
-e trace=file Only output system calls that take a filename as an argument.
-e trace=process Only output system calls relating to process management.
-e trace=network Only output system calls that relate to network functions.
-e trace=signal Only output system calls that relate to signals.
-e trace=ipc Only output system calls that relate to system process communications.
-e trace=desc Only output system calls related to file descriptors.
-o Write the trace output to a file, eg strace -o my-trace-file ls.
-p Attach to a process that is already running, eg strace -p 6753.

Tool Data

Operating Platform:Linux
Diagnostic Target:OS - Threads and Processes
Tool Executable:strace
Obtain From:Available via most package managers and Sourceforge

Results for Tools search

You entered the search string "".
No results were returned for this string.

Copyright © 1997 - 2016 Mission Pacific Pty Ltd. All rights reserved. ezcom, the ez logo and hard tech cafe are registered trademarks of Mission Pacific Pty Ltd. Designed for firefox and safari. Sitemap